When Your Duty of Care Includes Cybersecurity: 3 Things to Know
A company that fails to take reasonable steps to create and maintain a safe working environment breaches the Duty of Care it owes its employees and customers. Information security and cybersecurity increasingly permeate corporate life, which means your company’s policies and procedures must adapt to reflect 21st-century business and workplace values.
Here are three instances when your company’s Duty of Care includes cybersecurity:
- Your Organization’s Network is Hacked
While a lot of energy is given to preventing security breaches, a responsible reaction is just as important. If you’re a publicly traded company, the SEC now requires that you disclose your cybersecurity breaches. In the U.S., significant data breaches have led to shareholders taking legal action against directors.
Restricting damage, reducing recovery time, and limiting the associated costs should all be part of your company’s incident response plan, should your network be compromised. Your plan should also address the protocols for informing your customers, suppliers, employees, and regulatory bodies when you’re hacked.
- Cyberbullying & Cyber Harassment at Work
Employers have a Duty of Care to prevent bullying and harassment in the workplace, and this should include cyberbullying and cyber harassment, which have become a massive problem in the U.S., contributing to a spike in cyberbullying-related suicides. Over the last few years, workplace cyberbullying cases have caught lawmakers’ attention. There have been a number of recent cases involving employees who have been harassed online by coworkers and/or other individuals from work, leading to tragic deaths that could have been prevented with intervention.
Now, most states have extended their existing anti-bullying laws with language that specifically addresses cyberbullying. Of the 48 states that have laws against cyberbullying, 18 have criminal sanctions, and 12 have proposed criminal sanctions. This means that employers should create a corporate culture that does not tolerate cyberbullying or harassment, with clear guidelines about what is unacceptable behavior online.
- The Physical Ramifications of Cyber Attacks
The Internet of Things (IoT) is increasingly becoming the engine of our world. By 2020, there will be roughly 200 billion connected devices. When employees and customers physically depend on services your company’s network provides, a cyber-attack is no longer simply a cyber problem. For example, your company’s building access, parking lot patrol, heating and air-conditioning, regular building maintenance, the safeguarding of physical valuables and money, supply chain, medical concerns, weather issues, disasters, and customer service are all connected to networks that can be hacked, leaving you liable.
It’s essential to build situational awareness about possible network hopping, eavesdropping, unauthorized access, and other physical and cyber risks and vulnerabilities. This includes training your employees to recognize phishing, spear phishing, and whaling attempts.
National Cybersecurity Month 2018 is a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online, while increasing the resiliency of the nation during wide-scale cyber threats. The overarching theme this year is that cybersecurity is our shared responsibility and we all must work together to improve our nation's security.
By practicing good Duty of Care measures, you protect your company from unnecessary risk, as well as possible legal ramifications. Corporate security can be complicated; this is where NC4® solutions can help you.
NC4’s Cyber Defense Network enhances human collaboration and machine automation to help security, incident response, and crisis management teams collaborate and interoperate more efficiently. NC4 Risk Center™ enhances your ability to monitor, analyze, and respond to risks. Clear and concise communication improves situational awareness and emergency response time. For more information on how our solutions can help your organization fulfill its Duty of Care obligations, contact us today at 877-624-4999.